A security issue about the Gnome authorized applet

Thomas Munck Steenholdt tmus at get2net.dk
Wed Sep 3 06:27:44 UTC 2003


> Today I use a common user account login, then I change the login screen
> setting in system-settings:/// with root password. I log off then to see
> the new login screen. Then I login again with the same common user
> account mentioned just now. When I get in to Gnome again, I notice that
> the authorize applet, which icon is two yellow keys, is still there.
> So I think maybe something on security issue. I think I should not see
> the authorize applet, since I have already logged off just now. And I
> think we must change it.
> After all, the applet quit after some period of time. However, I still
> think it should not appear when I re-login as soon as I log off.
>

If I recall correctly, the authorize applet you are talking about is
really an indicator of a state which is handled by PAM on system level,
rather than in GNOME. Everybody correct me if I'm wrong (I know you all
will ;-) )

This would mean that if PAM allows you to "cache" root access for 3
minutes, then it would be possible to log out and log back in before the
access times out.

Regards
Thomas





